Sunday, September 18, 2011

Changing the Machine Password Interval on a Mac and Windows

Sometimes when a user cannot log into their computer (the login window shakes), the problem is with the machine password and not the user account password. By default, Windows machines reset their machine password every 30 days, but Macs do so every 14 days. If a computer is on the network but cannot connect to a DC at its password change interval, the user can subsequently be prevented from logging in and/or changing their password from that computer.

To change the machine password interval on a Mac you must first unbind the computer and then follow these steps:

http://support.apple.com/kb/HT3422

Setting the passinterval to "0" is the recommended fix.

Keep in mind that having a computer never reset its password poses a potential security risk because the secure channel between the computer and the DC will never be reset. This means that if someone discovers the machine password they could perform pass-through authentication directly to a DC.
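
Because an interval of "0" trades rotation for reliability, it helps to know which Macs are set that way. The script below is an added example, not part of the original post or Apple's article: it reads `dsconfigad -show` output and reports whether the machine password ever rotates. The `Password change interval` label it matches is an assumption about that output, and the sample text is constructed.

```shell
#!/bin/sh
# Added example: report the AD machine-password interval of a bound Mac.
# Assumption: `dsconfigad -show` prints "Password change interval = <days>".

# Read dsconfigad -show style text on stdin, print the interval digits.
get_passinterval() {
    awk -F'=' '/Password change interval/ {
        gsub(/[^0-9]/, "", $2); print $2; exit
    }'
}

# Map an interval to a finding; 0 means the password is never rotated.
classify_passinterval() {
    case "$1" in
        ''|*[!0-9]*) echo "unknown" ;;
        0)           echo "never-rotates" ;;
        *)           echo "rotates-every-$1-days" ;;
    esac
}

audit_passinterval() {
    classify_passinterval "$(get_passinterval)"
}

# Constructed sample output (not captured from a real machine).
SAMPLE_DEFAULT='Computer Account                 = mac01$
Advanced Options - Administrative
  Packet signing                 = allow
  Password change interval       = 14
  Namespace mode                 = domain'

SAMPLE_DISABLED='Computer Account                 = mac02$
Advanced Options - Administrative
  Password change interval       = 0'

# On a bound Mac, audit the live configuration; elsewhere, run the samples.
if command -v dsconfigad >/dev/null 2>&1; then
    echo "this host: $(dsconfigad -show | audit_passinterval)"
else
    echo "sample default:  $(printf '%s\n' "$SAMPLE_DEFAULT" | audit_passinterval)"
    echo "sample disabled: $(printf '%s\n' "$SAMPLE_DISABLED" | audit_passinterval)"
fi
```

Machines reported as `never-rotates` are the ones whose computer account password should be treated as a long-lived credential.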

Here is a good article describing the entire machine password change process:

http://blogs.technet.com/b/askds/archive/2009/02/15/test2.aspx

And here is Microsoft's KB on the process for PCs:

http://support.microsoft.com/kb/154501


